Vulnerability Description
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mercedes-Benz | Xentry Retail Data Storage Firmware | 7.8.1 |
| Mercedes-Benz | Xentry Retail Data Storage | - |
Related Weaknesses (CWE)
References
- https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data (Vendor Advisory)
- https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of
FAQ
What is CVE-2023-23590?
CVE-2023-23590 is a vulnerability with a CVSS score of 7.5 (HIGH). Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the...
How severe is CVE-2023-23590?
CVE-2023-23590 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-23590?
Check the references section above for vendor advisories and patch information. Affected products include: Mercedes-Benz Xentry Retail Data Storage Firmware, Mercedes-Benz Xentry Retail Data Storage.